Ledger CTO Charles Guillemet has raised the alarm about a crypto supply chain attack that could affect millions of users. The attack uses compromised NPM (Node Package Manager) packages to steal cryptocurrency from unsuspecting individuals and developers. These packages, used by numerous web apps, browser extensions, and backend tools, have over 1 billion downloads and have been weaponized by the attackers for malicious purposes.

Guillemet stresses that an attack of this type can affect any project that depends on the compromised software. Malicious code is injected into commonly used open-source packages, and any application that pulls in those packages can end up with its private keys and assets stolen. This kind of supply chain vulnerability is a serious threat because it targets the foundation of modern software development: open-source collaboration.

Guillemet urges everyone in the crypto community — developers, users, and industry players — to take this risk seriously by putting safeguards in place: strict code auditing, securing development pipelines, and using hardware wallets for maximum protection. The attack underlines the importance of protecting your private keys against such compromises, at a time when software supply chain security is under increased scrutiny.